From f87324df546055df1e7d038e63c04bb0d2250f55 Mon Sep 17 00:00:00 2001 From: Ludwig Krispenz Date: Jun 04 2015 09:42:44 +0000 Subject: crash when removing a replica when a server is removed from the topology the plugin tries to remove the credentials from the replica and the bind dn group. It performs an internal search for the ldap principal, but can fail if it was already removed Due to an unitialized variable in this case it can eitehr crash or erroneously remove all principals. Reviewed-By: Fraser Tweedale Reviewed-By: Petr Vobornik --- diff --git a/daemons/ipa-slapi-plugins/topology/topology_util.c b/daemons/ipa-slapi-plugins/topology/topology_util.c index d487cfb..67014a0 100644 --- a/daemons/ipa-slapi-plugins/topology/topology_util.c +++ b/daemons/ipa-slapi-plugins/topology/topology_util.c @@ -1201,7 +1201,15 @@ void ipa_topo_util_disable_repl_from_host(char *repl_root, char *delhost) { char *principal = ipa_topo_util_get_ldap_principal(repl_root, delhost); - ipa_topo_util_disable_repl_for_principal(repl_root, principal); + if (principal) { + ipa_topo_util_disable_repl_for_principal(repl_root, principal); + slapi_ch_free_string(&principal); + } else { + slapi_log_error(SLAPI_LOG_PLUGIN, IPA_TOPO_PLUGIN_SUBSYSTEM, + "ipa_topo_util_disable_repl_from_host: " + "failed to get ldap principal for host: %s \n", + delhost); + } } void @@ -1322,10 +1330,10 @@ char * ipa_topo_util_get_ldap_principal(char *repl_root, char *hostname) { int rc = 0; - Slapi_Entry **entries; + Slapi_Entry **entries = NULL; Slapi_PBlock *pb = NULL; char *filter; - char *dn; + char *dn = NULL; filter = slapi_ch_smprintf("krbprincipalname=ldap/%s*",hostname); pb = slapi_pblock_new();